SourceCodester Best Online News Portal Login Page sql injection
CVE-2023-0784

9.8CRITICAL

Key Information:

Vendor

SourceCodester
Status
Best Online News Portal
Vendor
CVE Published:
12 February 2023

What is CVE-2023-0784?

A vulnerability has been discovered in SourceCodester's Best Online News Portal 1.0, specifically within the Login Page component. An attacker could exploit this vulnerability through manipulation of the username argument, leading to SQL injection. This flaw allows for remote exploitation, presenting significant security risks as the exploit has already been disclosed publicly. It is crucial for users of the affected product to take necessary precautions and implement mitigation strategies.

Affected Version(s)

Best Online News Portal 1.0

References

https://vuldb.com/?id.220644
vdb-entrytechnical-description
https://vuldb.com/?ctiid.220644
signaturepermissions-required
https://youtu.be/V62MSWhLGL4
media-coverage

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Gab3 (VulDB User)
JSON
.